const jwt = require('jsonwebtoken');
const { secret } = require('../config/jwtConfig');

const verifyToken = (req, res, next) => {
    const token = req.headers.authorization?.split(' ')[1];

    if (!token) {
        return res.status(401).json({
            status: 'error',
            message: '未提供认证令牌'
        });
    }

    try {
        const decoded = jwt.verify(token, secret);
        req.user = decoded;
        next();
    } catch (error) {
        return res.status(401).json({
            status: 'error',
            message: '无效的认证令牌'
        });
    }
};

module.exports = verifyToken; 